Major Browsers, Java Hacked on the First Day of Pwn2Own 2013

[Nytro]

[h=1]Major Browsers, Java Hacked on the First Day of Pwn2Own 2013[/h]March 7th, 2013, 14:04 GMT · By Eduard Kovacs

Considering the large amounts of money being offered at Pwn2Own 2013, we shouldn’t be surprised that most of the web browsers have been hacked on the first day of the competition, held these days in Canada as part of the CanSecWest conference.

So far, Firefox, Internet Explorer 10, Java and Chrome have been broken by the contestants.

French security firm VUPEN announced breaking Internet Explorer 10 on Windows 8, Firefox 19 on Windows 7, and Java.

“We've pwned MS Surface Pro with two IE10 zero-days to achieve a full Windows 8 compromise with sandbox bypass,” VUPEN wrote on Twitter.

“We've pwned Firefox using a use-after-free and a brand new technique to bypass ASLR/DEP on Win7 without the need of any ROP,” the company said two hours later.

It appears they hacked Java by leveraging a “unique heap overflow as a memory leak to bypass ASLR and as a code execution.”

“ALL our 0days & techniques used at #Pwn2own have been reported to affected software vendors to allow them issue patches and protect users,” VUPEN said.

Experts from MWR Labs have managed to demonstrate a full sandbox bypass exploit against the latest stable version of Chrome.

“By visiting a malicious webpage, it was possible to exploit a vulnerability which allowed us to gain code execution in the context of the sandboxed renderer process,” MWR Labs representatives wrote.

“We also used a kernel vulnerability in the underlying operating system in order to gain elevated privileges and to execute arbitrary commands outside of the sandbox with system privileges.”

Java was also “pwned” by Josh Drake of Accuvant Labs and James Forshaw of Contextis.

Currently, VUPEN is working on breaking Flash, Pham Toan is attempting to hack Internet Explorer 10, and the famous George Hotz is taking a crack at Adobe Reader.

Sursa: Major Browsers, Java Hacked on the First Day of Pwn2Own 2013 - Softpedia

[Nytro]

La cat de complicate sunt lucrurile si banii sunt pe masura.

Conteaza insa si cum colaboreaza companiile. CEO-ul de la VUPEN (cei mai smecheri in domeniul "exploit development" dupa parerea mea) a declarat ca Microsoft nu mai vrea sa le cumpere 0day-urile (cel din IE10 pe Win8) si in concluzie acestea vor ajunge la guverne. Ceea cea nu e deloc ok.